Differences

Shows the differences between the two selected revisions of the page.

awareness [2013/07/08 08:16] 220.71.11.86 | awareness [2024/04/04 05:12] (current) – external edit 127.0.0.1
줄 2: 줄 2:
  
 ===== 정보보안 인식(Security awareness) ===== ===== 정보보안 인식(Security awareness) =====
-(출처 : wikipedia)\\ 
-보안 인식은 물리적이고 특별한 조직의 특별한 정보자산의 보호에 관련하여 조직 구성원의 지식과 태도를 말한다.  
  
-정보인식 훈련에 포함할 내용 : +==== 정보보안 인식 개요 ====
- +
-  * The nature of sensitive material and physical assets they may come in contact with, such as trade secrets, privacy concerns and government classified information +
-  * Employee and contractor responsibilities in handling sensitive information, including review of employee nondisclosure agreements +
-  * Requirements for proper handling of sensitive material in physical form, including marking, transmission, storage and destruction +
-  * Proper methods for protecting sensitive information on computer systems, including password policy and use of two-factor authentication +
-  * Other computer security concerns, including malware, phishing, social engineering, etc. +
-  * Workplace security, including building access, wearing of security badges, reporting of incidents, forbidden articles, etc. +
-  * Consequences of failure to properly protect information, including potential loss of employment, economic consequences to the firm, damage to individuals whose private records are divulged, and possible civil and criminal penalties +
- +
-----+
 \\ \\
 (techtarget.com)\\ (techtarget.com)\\
-Security awareness training is a formal process for educating employees about computer security.+Security awareness training is a formal process for educating employees about computer security.\\ 
 +A good security awareness program should educate employees about corporate policies and procedures for working with information technology (IT).  Employees should receive information about who to contact if they discover a security threat and how to handle confidential information. Regular training is particularly necessary in organizations with high turnover rates and those that rely heavily on contract or temporary staff.  Confirming how well the awareness program is working can be difficult. The most common metric looks for a downward trend in the number of incidents over time.\\ 
 + 
 +\\ 
 +보안인식 훈련은 컴퓨터 보안을 교육하는 정식과정이다. 
 +좋은 프로그램은 직원들에게 IT기술을 활용하는 업무에 대한 회사정책과 절차를 교육해야 한다.\\ 
 +[NIST 보안인식훈련 가이드 [[http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf|다운로드]]] 
 +---- 
 + 
 +  * [[:awareness:정보인식 훈련에 포함할 내용]] 
  
-A good security awareness program should educate employees about corporate policies and procedures for working with information technology (IT).  Employees should receive information about who to contact if they discover a security threat and how to handle confidential information. Regular training is particularly necessary in organizations with high turnover rates and those that rely heavily on contract or temporary staff.  Confirming how well the awareness program is working can be difficult. The most common metric looks for a downward trend in the number of incidents over time.+===== 인식제고 자료 ===== \\ 
 +당신의 스마트폰은 안전합니까? \\ 
 +  * [[:교육자료-1:당신의 스마트폰은 안전합니까?]]
  
-The National Institute of Standards and Technology (NIST) has an excellent publication with templates and guides for what should go into a security awareness training program. The 70-page document is available for free in PDF format from the institute's Web site.
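
Review bot: The added heading line `===== 인식제고 자료 ===== \\` carries a forced line break after the closing `=====`. DokuWiki only recognises a heading when the closing run of `=` ends the line, so this will most likely render as literal text instead of a section heading; drop the trailing `\\`. The added line after it, `당신의 스마트폰은 안전합니까? \\`, repeats the title of the link directly below and can be removed. In the added NIST line, the extra square brackets wrapped around the `[[...|다운로드]]` link will show up as literal brackets in the rendered page, and the link uses plain `http://`. The removed closing paragraph also told readers the guide is a free 70-page PDF, and the removed opening lines carried the Wikipedia-sourced definition with its attribution; if that text was moved to the new sub-page, the attribution should move with it.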